formbook | 09211066e9466efc740f2e4849fa7172105f5bd76832cd8c0a073d8280a47b04 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09211066e9466efc740f2e4849fa7172105f5bd76832cd8c0a073d8280a47b04
Size

822KB
Sample

221010-ntjjysbfe3
MD5

e1c88ba9b3e626bf1af2441de04d6032
SHA1

55b001de613bbdc2961f4f4841c58bd9689cf310
SHA256

09211066e9466efc740f2e4849fa7172105f5bd76832cd8c0a073d8280a47b04
SHA512

a63765398a9405440b1cc0a2755f52b9df2d74b92d25e0002be9ab6d8270a51f43f89c62b591223b11f3544bbd3335dd406ab3b5e5748e3ed8e39d5ae794f721
SSDEEP

12288:WtIIfCafjmn0ff1bc2xTy6rlsmZ3a3MoidOoOzTH7LVLKgPKl/:MCjcBFDRsmx7koOzTpra

Score

10^/10

formbook wc8i rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

wc8i

Decoy

UEsWiyfYqmQNvTOptA==

xkCX/62S5T9rdB2b05xBg4rxlQLaVUe9

ZpOK23BVTxP8FSNy

Igv0TM9+KEt5gA==

PicJZvWugkx3vTOptA==

hjq7/6B526tBst81e2PkT2A=

n1/wYwi4CwrxIj8=

Cu+m69Y1HArxIj8=

6S5nmSXRNSyI9uVl

6vWe24JctS5dpVNA2nxw

tenxN71fDeRyniVYxYZn

aZGO0Hlh6Vh3vTOptA==

Fstlw3113rNcpKw0StHYHBbj3LTaVUe9

1uGa97usk+UB/vVBTce65X+AmNM=

EcxBfyParv8WGQcqdGPkT2A=

kLrHDbmpUFeEig==

gHw6gSnohI6vmQ==

Gd5jrmBApInCzNUQbWPkT2A=

TwShAJZqx6XLzvlA2nxw

xfsgh/yqK43FEBqf4Rx9787F

Targets

- Target
  
  09211066e9466efc740f2e4849fa7172105f5bd76832cd8c0a073d8280a47b04
- Size
  
  822KB
- MD5
  
  e1c88ba9b3e626bf1af2441de04d6032
- SHA1
  
  55b001de613bbdc2961f4f4841c58bd9689cf310
- SHA256
  
  09211066e9466efc740f2e4849fa7172105f5bd76832cd8c0a073d8280a47b04
- SHA512
  
  a63765398a9405440b1cc0a2755f52b9df2d74b92d25e0002be9ab6d8270a51f43f89c62b591223b11f3544bbd3335dd406ab3b5e5748e3ed8e39d5ae794f721
- SSDEEP
  
  12288:WtIIfCafjmn0ff1bc2xTy6rlsmZ3a3MoidOoOzTH7LVLKgPKl/:MCjcBFDRsmx7koOzTpra
Score

10^/10

formbook wc8i rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookwc8iratspywarestealertrojan

behavioral2

formbookwc8iratspywarestealertrojan